Sec 6.9 Vulnerability assessments
Which of the following functions can a port scanner provide? (Select two.)
Auditing IPsec encryption algorithm configuration Discovering unadvertised servers Determining which ports are open on a firewall Ex:Port scanners can determine which TCP/UDP ports are open on a firewall and identify servers that may be unauthorized or running in a test environment. Many port scanners provide additional information, including the host operating system and version, of any detected servers. Hackers use port scanners to gather valuable information about a target, and system administrators should use the same tools for proactive penetration testing and ensuring compliance with all corporate security policies.
Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (Select three.)
Check user accounts for weak passwords Check for open ports Analyze packets for evidence of an attack Gather performance statistics for setting a baseline Check for missing patches Microsoft Baseline Security Analyzer (MBSA) is a vulnerability scanner that can check for the following weaknesses: Open ports Active IP addresses Running applications or services Missing critical patches Default user accounts that have not been disabled Default, blank, or common passwords
A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use?
Credentialed scan Network mapping scan Port scan Non-credentialed scan
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Document your actions Use a port scanner to check for open ports Run the vulnerability assessment again
You want to check a server for user accounts that have weak passwords. Which tool should you use?
Nessus Retina John the Ripper John the Ripper is a password cracking tool. Password crackers perform cryptographic attacks on passwords. Use a password cracker to identify weak passwords or passwords protected with weak encryption.
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use? (Select two.)
Nessus Retina OVAL Wireshark A vulnerability scanner is a software program that searches an application, computer, or network for weaknesses, such as open ports, running applications or services, missing critical patches, default user accounts that have not been disabled, and default or blank passwords. Vulnerability scanning tools include Nessus, Retina Vulnerability Assessment Scanner, and Microsoft Baseline Security Analyzer (MBSA).
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network mapper Ping scanner Port scanner A network mapper is a tool that can discover devices on the network and show those devices in a graphical representation. Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices.
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?
OVAL OSSTMM MBSA The Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. OVAL is sponsored by the National Cyber Security division of the US Department of Homeland Security. OVAL identifies the XML format for identifying and reporting system vulnerabilities. Each vulnerability, configuration issue, program, or patch that might be present on a system is identified as a definition. OVAL repositories are like libraries or databases that contain multiple definitions.
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?
Port scanner Network mapper Vulnerability scanner Use a vulnerability scanner to gather information about systems, such as the applications or services running on the system. The vulnerability scanner often combines functions found in other tools and can perform additional functions, such as identifying open firewall ports, missing patches, and default or blank passwords.
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?
System logs Port scanner IDS
A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?
TCP SYN scan Non-credentialed scan Credentialed scan
Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets?
TCP SYN scan TCP ACK scan TCP connect scan A TCP SYN scan is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK packets (which indicate that a port is listening) or RST/ACK packets (which indicate that a port is not listening).
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?
Threat agent Library Definition
You want to use a vulnerability scanner to check a system for known security risks. What should you do first?
Update the scanner definition files Apply all known patches to the system Perform a port scan Before using a vulnerability scanner, you should update the definition files. The definition files identify known security risks associated with the system. Some scanners update the definition files automatically, while others require you to download the latest definition files.